Type: FindingSubcategory

Enumeration of the different detailed subcategorizations of Findings.

ENUMERATION VALUES

ANY_CRYPTO: Any Crypto Material detection
AUTH_KEY_FILE_PRESENT: Auth Key File detected
BLANK_ROOT_PASSWORDS: Root user account with empty / blank password
BLANK_USER_PASSWORDS: User account with empty / blank password
DEAD_CODE
DEBUG_FLAG_ON: Software compiled with DEBUG flag enabled
DOUBLE_FREE: Double Free detection. Double Free is a type of memory corruption flaw that can be exploited by an attacker to execute arbitrary code or cause a denial of service (DoS) condition.
EXPIRED_CERTIFICATE: Expired Certificate detected
EXPRESSION_ALWAYS_TRUE
HARD_CODED_CODE_KEY
HEAP_BUFFER_OVERFLOW: Heap Buffer Overflow detection. Heap Buffer Overflow is a type of memory corruption flaw that can be exploited by an attacker to execute arbitrary code or cause a denial of service (DoS) condition.
HIGH_CODE_COMPLEXITY
HTTP_REQUEST_BODY: HTTP server configured without request body size limit
HTTP_REQUEST_FIELDS_UNLIMITED: HTTP server configured without request fields limit
HTTP_REQUEST_HEADER_SIZE: HTTP server configured without header size limit
HTTP_REQUEST_LINE_SIZE: HTTP server configured without request line size limit
IMPROPER_LENGTH_HANDLING
IMPROPER_NEUTRALIZATION
INCORRECT_BEHAVIOR_ORDER
INCORRECT_RANDOM_SEED
INCORRECT_RANDOM_USAGE
INFORMATION_DISCLOSURE_LEAK
INHERENTLY_DANGEROUS_FUNCTION: Use of inherently dangerous function
INSECURE_CURL
INSECURE_TEMP_FILE: Use of insecure temp file
LINUX_NO_CANARY
LINUX_NO_NX
LINUX_NO_RELOC
LINUX_NO_RELRO
LOGIC_BOMB_DATE_TIME
LOGIC_BOMB_ENCRYPTION
LOGIC_BOMB_GENERAL
LOGIC_BOMB_NETWORKING
LOGIC_BOMB_TASK_MGMT
LOGIC_BOMB_USER_MGMT
MISSING_VARIABLE_INIT: Missing initialization of a variable. This can lead to undefined behavior and potentially exploitable conditions.
NUMERIC_TRUNCATION
OBSOLETE_FUNCTION: Use of deprecated function
PASSWD_HARD_CODED_PASSWORDS: Hard coded passwords detected in passwd files
PASSWD_USER_ACCOUNTS: User account detected in passwd file
PEM_CERTIFICATE_EXPIRED: Expired PEM Certificate detected
PEM_CERTIFICATE_KEY: PEM Certificate detected
PGP_PRIVATE_KEY: PGP Private Key detected
PKCS8_PRIVATE_KEY: PKCS8 Private Key detected
PKCS12_PRIVATE_KEY: PKCS12 Private Key detected
POTENTIALLY_DANGEROUS_FUNCTION: Use of potentially dangerous function
REMOTE_CODE_EXECUTION_BACKDOOR
REUSING_NONCE
SELF_SIGNED_CERT: Self Signed Certificate detected
SELINUX_DISABLED: SE Linux disabled
SHADOW_HARD_CODED_PASSWORDS: Hard coded passwords detected in shadow files
SSH_DEFAULT_PORT: SSH daemon configured to use default port
SSH_MAX_RETRIES: SSH daemon configured max retries
SSH_PERMIT_EMPTY_PASSWORD: SSH daemon configured to permit empty passwords
SSH_PERMIT_ROOT: SSH daemon configured to permit root login
SSH_PRIVATE_KEY: SSH Private key detected
SSH_WEAK_CIPHERS: SSH daemon configured to use weak ciphers
SSL_PRIVATE_KEY: SSL Private Key detected
STACK_BUFFER_OVERFLOW: Stack Buffer Overflow detection. Stack Buffer Overflow is a type of memory corruption flaw that can be exploited by an attacker to execute arbitrary code or cause a denial of service (DoS) condition.
TELNETD_STARTED
UNCHECKED_RETURN_VALUE
USE_AFTER_FREE: Use After Free detection. Use After Free is a type of memory corruption flaw that can be exploited by an attacker to execute arbitrary code or cause a denial of service (DoS) condition.
VERY_HIGH_CODE_COMPLEXITY
VXWORKS_EXE_NO_INT_PROT
VXWORKS_EXE_NO_KERNEL_PROT
VXWORKS_EXE_NO_PASSWORD
VXWORKS_EXE_NO_USER_STACK_PROT
VXWORKS_EXE_NO_WRITE_PROT
VXWORKS_HARD_CODED_PASSWORDS: Hard coded passwords detected in VxWorks
WEAK_RANDOM_SEED
WGET_NO_CERTIFICATE_CHECK
WIFI_HARD_CODED_PASSWORDS: Hard coded Wifi passwords detected
WINDOWS_NOT_STRIPPED
WINDOWS_NO_NX
WINDOWS_PIC_RELOC

This page was generated: 2024-05-17